feat: slim down Docker image size by 8x using Alpine Linux base and multi-stage build

Dockerfile

@@ -1,29 +1,22 @@
-# Multi-stage build to create a distroless image
-FROM python:3.13 AS builder
-
-# Install poetry and the export plugin
-# RUN pip install poetry poetry-plugin-export
+# Multi-stage build to create a minimal image
+FROM python:3.13-alpine AS builder
 
 # Create working directory
 WORKDIR /app
 
-# Export dependencies to requirements.txt
-# RUN poetry export -f requirements.txt --output requirements.txt --without-hashes
-
 # Copy dependency files
 COPY requirements.txt ./
 
-# Install dependencies to a target directory that we can copy to the distroless image
-RUN pip install --no-cache-dir --target=/app/site-packages -r requirements.txt
+# Install dependencies to a target directory
+RUN pip install --no-cache-dir --no-deps --disable-pip-version-check --target=/app/site-packages -r requirements.txt
 
-FROM python:3.13-slim
+# Use Alpine as the base image for a much smaller footprint
+FROM python:3.13-alpine
 
-# RUN apt update \
-#     && apt -y upgrade \
-#     && apt clean \
-#     && rm /var/lib/apt/lists/* || true
+# Install ca-certificates for SSL/HTTPS support and tzdata for timezone support
+RUN apk add --no-cache ca-certificates tzdata
 
-# Copy installed packages and application from builder stage
+# Copy installed packages from builder stage
 COPY --from=builder /app/site-packages /app/site-packages
 
 # Copy application code
@@ -36,8 +29,12 @@ ENV PYTHONPATH=/app/site-packages
 # Set working directory
 WORKDIR /app
 
+# Create a non-root user for security
+RUN adduser -D -u 1000 myice
+USER myice
+
 # Expose port
 EXPOSE 8000
 
-# Run the application directly with Python using the distroless entrypoint
-ENTRYPOINT ["/usr/bin/python3", "-m", "uvicorn", "myice.webapi:app", "--host", "0.0.0.0", "--port", "8000"]
+# Run the application
+ENTRYPOINT ["python", "-m", "uvicorn", "myice.webapi:app", "--host", "0.0.0.0", "--port", "8000"]